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REMARKS 

Claim 1 has been amended to recite a reception arrangement and a connection 
redirecting arrangement; the reception arrangement is disclosed in paragraphs 0058, 0060 
and 0062 of the application as published and the connection redirecting arrangement is 
disclosed in paragraph 0068 of the published application. The independent claims have 
been amended so they are directed to the embodiment described in connection with figure 
3 and in the spirit of claim 5, as previously submitted, wherein there is no connection 
between the user terminal and the authentication server, as in step E2 of figure 2. Claim 4 
has been canceled to expedite prosecution. Claims 12-17, respectively similar to claims 2, 
3, and 5-8, and claims 1 8-20 have been added to provide applicants with the protection to 
which they are entitled. Claims 1 -8 have been amended to overcome the objection thereof 
set forth on pages 2 and 3 of the office action. 

Applicants traverse the rejection of claims 1 and 1 1 under 35 USC 101 . The 
recitation of a server in claim 1 and a data processor arrangement in claim 1 1 causes 
these claims to be directed to an apparatus. It has been held by the Court of Appeals 
for the Federal Circuit that a claim defines a useful machine if it identifies the physical 
structure of the machine in terms of its hardware, or hardware and software 
combination. In re Lowry, 32 F.3d 1579, 1583, 32 USPQ2d 1031, 1034-1035 (CAFC 
1994); In re Warmerdam, 33 F.3d 1354, 1361, 32 USPQ2d 1754, 1760 (CAFC 1994. 
The words "server" and "data processor arrangement" satisfy the requirement for a 
physical structure of a machine to be identified. Despite applicants' belief that claims 1 
and 1 1 , as previously submitted comply with 35 USC 1 01 , these claims have been 
amended to further comply with 35 USC 101. In particular, claim 1 now requires a 
reception arrangement and a connection redirector arrangement, both of which are 
physical parts of a machine. Claim 1 1 is now directed to an authentication server 
arrangement including physical structures in the form of a receiver arrangement, 
selector arrangement, authenticator arrangement and connection redirector 
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arrangement. Claim 1 0 has been amended so it complies with 35 USC 1 01 . 

The double patenting rejection of claims 1-11 is provisional. Because the claims 
of neither application have been indicated as allowable, applicants withhold responding 
to the provisional double patenting rejection at the present time. 

The rejection of all claims as being obvious as a result of Sawa et al., US Patent 
Publication 2003/0097953, as modified by Ritola et al., US Patent Publication 
2005/0289341, is overcome by the amendments to the independent claims. Sawa 
discloses a mobile agent 14, i.e., a program, configured by a server 10 for dynamically 
executing an authentication method of a user terminal to thereby activate a Web 
application 15 [0050, 0051, Fig. 2]. A request for the Web application 15 from a user 
terminal is received by Web server 13 included in server 10 to select an authentication 
method suitable for the user terminal from among a plurality of authentication methods 
[0053]. 

Because Web server 13 and Web application 15 are both included in server 10, 
server 10 includes an arrangement for accessing a service (Web application) dispensed 
by only one provider and an arrangement for authenticating any user requesting the 
service. As indicated by page 9 of the office action, with respect to claim 5 "Sawa does 
not explicitly teach an authentication server wherein the selector arrangement performs 
tasks. . . in response to a connection set up between said user terminal and said selecting 
arrangement (emphasis added)." 

Claim 1 requires a provider identifier, and thus a service, to be selected by the user 
terminal from among plural provider identifiers identifying service servers to start an 
authentication of the user in only one authentication server, irrespective of the number of 
the service servers and the selected provider identifier, i.e., the selected service server. 
Claim 1 indicates there is only one authentication server which is distinct from the service 
servers, i.e., which is not included in a service server. 

This feature has two important advantages. 

i) The number of service servers can be very high and the service servers 
required by the server of claim 1 can be less expensive than the Sawa service servers 1 0, 
each of which must include an agent mobile for executing an authentication method 
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responsive to a service request from a user terminal. 

ii) For each service request in claim 1 , no connection between the terminal and 
the service server designated by the selected provider identifier is established (Fig. 3, step 
16) before authenticating the user [Fig. 3, F53, 0061; and Fig. 3, F16 after F4; 0067, 
0068]. Web server 13 in server 10 of Sawa is always requested independently of the 
result of the subsequent authentication method and its operation is disturbed by failed 
authentication methods. 

Therefore Sawa fails to disclose a selector arrangement for selecting an 
authentication identifier in a memory as a function of a selected provider because the 
Sawa service server 10 is associated with one service provider and is not dedicated only 
to user authentication in association with plural service servers. More precisely, Sawa fails 
also to provide the claim 1 requirements of "to authorize said user to access a service 
dispensed by one of said service servers (distinct from the claimed authentication server) 
of providers identified respectively by provider identifiers" and "a reception arrangement in 
an authentication server (and not in a selected service server) for receiving a provider 
identifier selected in said terminal from said terminal in response to a connection set up 
between said terminal and said authentication server" (and not in a selected service 
server). 

As shown in Fig. 4 of Ritola (US 2005/0289341), user terminal 4 contacts service 
provider 6 which sends an authentication request via the user terminal to identity provider 
8 selected (1) by the user or (2) automatically by the user terminal to authenticate the user 
as a function of authentication information sent from the user terminal [0048]. The identity 
provider is selected at the user terminal by using an I DP application that compares the 
identifiers of identity providers sent in the authentication request by the service provider to 
identifiers of identity providers stored in the memory 40 of the terminal [0051]. 

If the Sawa user terminal transmits the identifier of an identity provider, i.e., the 
identifier of an authentication method, to the Sawa server 1 0 as advocated by the office 
action, the Sawa server still has the two above disadvantages, so one of ordinary skill in 
the art would see no reason to make the combination the office action suggests. 
Consequentially, the independent claims are not rendered obvious by the combination of 
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Sawa and Ritola. 

While the assembly of the Ritola identity providers might be similar to an 
authentication server including authentication methods, as suggested by Sawa server 10, 
Ritola indicates that the particular service provider 6 selected by the user transmits 
identifiers of identity providers, i.e., authentication identifiers of authentication methods, to 
the user terminal to select an identity provider. Transmitting identifiers of identity providers 
from the particular service provider 6 selected by the user is only possible if a connection 
between the user terminal and the selected service provider is set up before selecting an 
identity provider, i.e., an authentication method, and before authenticating the user in the 
selected identity provider. 

Therefore, the combination of Sawa in view of Ritola has the above drawback ii): 
Web server 13 in Sawa server 10 or the selected service provider 6 in Ritola is always 
requested independently of the result of the subsequent authentication method and its 
operation is disturbed by requests from user terminals for which the authentication 
methods fail. As a result one of ordinary skill in the art would not have combined these 
two references; there is no point in the combination. 

In the claimed authentication server and the claimed method for automatically 
selecting one of a plurality of authentications, there is no connection between the user 
terminal and the service server corresponding to the selected provider identifier before 
authentication of the user, in comparison with operations 62 and 64 of Ritola. The 
reception arrangement in claim 1 for receiving a provider identifier selected in said terminal 
from said terminal in response to a connection set up between said terminal and said 
authentication server is not suggested over Sawa in view of Ritola. This point is 
emphasized in new dependent claims 18-20. 

Based on the foregoing the independent claims are not rendered obvious by Sawa 
and Ritola. It follows that the dependent claims are unobvious over Sawa and Ritola for at 
least these reasons. 

Allowance of claims 1-11 is in order. 
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To the extent necessary, a petition for an extension of time under 37 C.F.R. 1.136 
is hereby made. Please charge any shortage in fees due in connection with the filing of 
this paper, including extension of time fees, to Deposit Account 07-1337 and please credit 
any excess fees to such deposit account. 

Respectfully submitted, 

LOWE HAUPTMAN HAM & BERNER, LLP 

/Allan M. Lowe/ 

Allan M. Lowe 
Registration No. 19,641 



1700 Diagonal Road, Suite 300 

Alexandria, Virginia 22314 

(703) 684-1111 

(703) 518-5499 Facsimile 

Date: April 2, 2009 

AML/cjf 
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